Skip to main content

Veeam Service Provider Console 9 Builds - Severity: Critical CVSS v3.1 Score: 9.4

  • June 9, 2026
  • 1 comment
  • 23 views
Link State
Forum|alt.badge.img+12

 

 

hi Guys, i according to publicly available information, the vulnerability is related to the Alarm Script Execution functionality. If this feature is enabled, an attacker may be able to exploit it to achieve remote code execution (RCE) on the server hosting Veeam Service Provider Console (VSPC).

www.veeam.com/kb4853 

fixed: https://www.veeam.com/kb4788

Affected Versions

The following versions are affected:

  • All VSPC versions prior to 9.2.1.33875
  • All 9.0, 9.1, and earlier builds
  • Version 9.2.0.33215 may be vulnerable only if alarm script execution has been explicitly enabled.

 

Remember step upgrade:

9.0.0.29860

9.1.0.30713 https://www.veeam.com/products/downloads/latest-version.html?tab=previous

9.2.1.33875

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MVP | MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500|AZ305 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired) | ‪@linkstate.bsky.social‬

    1 comment

    Chris.Childerhose
    Forum|alt.badge.img+22

    Time to check our VSPC version and patch if needed.   Thanks for sharing. 👍

    Chris Childerhose (Enterprise Architect) - VMCE+ | VMCA | VMCE | VMCE-SP | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 7* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV/VCP-VVF | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
      Terms & ConditionsAccessibility statement